Version 5 (modified by jpmitchell@…, 13 years ago)

Shibboleth / Shibboleth SP Setup

This page documents installing a Shibboleth SP.

UA Supported Configurations:

  • Windows and Apache or IIS
  • Linux and Apache or IIS
  • Shibboleth SP Version 2.4.2

Installation:

  1. Download and install the appropriate installers/packages.
  2. Configure the SP:
    • Remove and regenerate the SP keys.
      • Linux:
        [root@idmt-1 shibboleth]# pwd
        /etc/shibboleth
        [root@idmt-1 shibboleth]# rm -rf sp-key.pem sp-cert.pem 
        [root@idmt-1 shibboleth]# ./keygen.sh 
        Generating a 2048 bit RSA private key
        ...........................................................................................+++
        .........................................................................................................................................................+++
        writing new private key to 'sp-key.pem'
        -----
        
      • Windows: TBD
    • Download the IdP's metadata and reference it in shibboleth2.xml.
      • Linux:
        [root@idmt-1 shibboleth]# wget https://idp.alaska.edu/idp-metadata.xml
        --2011-06-27 15:50:17--  https://idp.alaska.edu/idp-metadata.xml
        Resolving idp.alaska.edu... 137.229.114.38
        Connecting to idp.alaska.edu|137.229.114.38|:443... connected.
        HTTP request sent, awaiting response... 200 OK
        Length: 6973 (6.8K) [application/xml]
        Saving to: `idp-metadata.xml'
        
        100%[===================================================================================================================================================================================================>] 6,973       --.-K/s   in 0s      
        
        2011-06-27 15:50:17 (302 MB/s) - `idp-metadata.xml' saved [6973/6973]
        [root@idmt-1 shibboleth]# pwd
        /etc/shibboleth
        [root@idmt-1 shibboleth]# vi shibboleth2.xml
                    -->
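                    <!-- entityID must be the IdP's entityID as published in idp-metadata.xml;
                         the example.org value below is a placeholder. -->
                    <SSO entityID="https://idp.example.org/shibboleth">
                      SAML2 SAML1
                    </SSO>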
        
                    <!-- SAML and local-only logout. -->
                    <Logout>SAML2 Local</Logout>
        
                <!-- Example of locally maintained metadata. -->
                <MetadataProvider type="XML" file="idp-metadata.xml"/>
        :wq!
        
      • Windows: TBD
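
The MetadataProvider line above loads idp-metadata.xml with no signature filter, so the SP trusts whatever the wget step saved. The following is an added example, not part of the original wiki page or of Shibboleth: it checks a downloaded metadata file against a signing-certificate fingerprint obtained out of band and confirms that the SSO entityID in shibboleth2.xml matches it. The function names, the pinned-fingerprint list and the sample documents are assumptions constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def idp_summary(metadata_xml):
    """Return (entityID, sorted SHA-256 fingerprints of the signing certificates)."""
    if "<!DOCTYPE" in metadata_xml:              # SAML metadata never needs a DTD
        raise ValueError("DOCTYPE not allowed in metadata")
    root = ET.fromstring(metadata_xml)
    # iter() includes the root, so this also works under an EntitiesDescriptor wrapper
    entity = next(root.iter(MD + "EntityDescriptor"), None)
    if entity is None:
        raise ValueError("no EntityDescriptor found")
    prints = set()
    for kd in entity.iter(MD + "KeyDescriptor"):
        if kd.get("use", "signing") != "signing":    # a missing 'use' covers signing too
            continue
        for cert in kd.iter(DS + "X509Certificate"):
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.add(hashlib.sha256(der).hexdigest())
    return entity.get("entityID"), sorted(prints)

def sso_entity_id(shibboleth2_xml):
    """entityID of the first <SSO> element in shibboleth2.xml, whatever its namespace."""
    sso = (el for el in ET.fromstring(shibboleth2_xml).iter() if el.tag.rsplit("}", 1)[-1] == "SSO")
    return next((el.get("entityID") for el in sso), None)

def check(metadata_xml, shibboleth2_xml, pinned):
    """List of problems; empty means the downloaded file matches the pinned values."""
    entity_id, prints = idp_summary(metadata_xml)
    problems = []
    if sso_entity_id(shibboleth2_xml) != entity_id:
        problems.append("SSO entityID differs from metadata entityID")
    if not prints or set(prints) - set(pinned):
        problems.append("signing certificate not in pinned set")
    return problems

# Constructed sample input: the bytes below stand in for a DER certificate.
SAMPLE_DER = b"constructed bytes, not a real certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/shibboleth">
  <IDPSSODescriptor><KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></KeyDescriptor></IDPSSODescriptor>
</EntityDescriptor>"""
SAMPLE_SP = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"><ApplicationDefaults><Sessions>
  <SSO entityID="https://idp.example.org/shibboleth">SAML2 SAML1</SSO>
</Sessions></ApplicationDefaults></SPConfig>"""
```

In use, pass the contents of /etc/shibboleth/idp-metadata.xml and /etc/shibboleth/shibboleth2.xml to check() together with the fingerprint supplied by the IdP operators, and restart shibd only when the returned list is empty.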